Conventionally, access control decisions concerning whether a computer is granted access to a network are typically based at least in part on whether the computer meets certain system health requirements. In this respect, failure to keep computers that connect to a network up-to-date (e.g., equipped with the latest operating system updates, anti-virus signatures, etc.) is one of the most common ways that the integrity of the network may be jeopardized. For example, a computer that is not kept up-to-date may be vulnerable to malicious software which, when the computer connects to the network, can expose network resources to attacks and/or viruses. Thus, network administrators commonly specify minimum health requirements that a computer must satisfy to connect to a network. Enforcing these requirements can be difficult, especially given the number of different types of computers which request access, such as home computers, travelling laptops, etc., which are not under the administrator's direct control.
One product that assists administrators with ensuring that computers that access a network satisfy system health requirements is the Network Access Protection (NAP) product offered by Microsoft Corporation of Redmond, Wash. With NAP, administrators can define minimum health requirements that a computer must satisfy to connect, such as whether the computer has the most recent operating system updates installed, is equipped with the latest anti-virus signatures, has firewall software installed and enabled, etc. In a system that employs NAP, when a computer attempts to connect to the network, its health status is evaluated. Computers that comply with health requirements are granted access to the network, such as via the issuance of a certificate indicating compliance with those requirements, or using other techniques. Computers that do not comply are denied access, and may be subject to automatic remediation. For example, non-compliant computers may be automatically updated with missing software updates or configuration changes.
FIG. 1 is a block diagram depicting an example process whereby a computer attempts access to a network in a system employing NAP. In this process, computer 101 provides information relating to its health to health registration authority (HRA) 103 in act 105, which then passes that information to health policy server 104 in act 110. Health policy server 104 evaluates the information provided by computer 101 to determine whether it complies with system health policy. The results of this evaluation are then sent to HRA 103 in act 115. If computer 101 is compliant, in act 120 HRA 103 obtains a health certificate for computer 101 from health certificate issuing authority 106. The certificate is provided to HRA 103 in act 125, which then transfers it to computer 101 in act 130. Using the certificate, computer 101 may initiate protected communication with resource 102 in act 135, and respond to communications initiated by other compliant computers (not shown in FIG. 1) which authenticate themselves using corresponding health certificates.
If computer 101 is not compliant with system health policy, health policy server 104 informs HRA 103 that access is to be denied, so that HRA 103 does not obtain a certificate for computer 101 from health certificate issuing authority 106. As a result, computer 101 cannot initiate communication with resource 102. Also included with the information provided by health policy server 104 to HRA 103 may be remediation instructions to be executed by computer 101, such as to communicate with a remediation server (not shown in FIG. 1) to obtain components necessary to bring computer 101 into compliance with system health policy. The remediation instructions may be communicated to computer 101 in act 118.
Internet Protocol (IP) Security (IPsec) is a protocol suite used at the network layer of the Open Systems Interconnection (OSI) stack to secure communications that occur over a network in accordance with the IP protocol. A system that employs NAP and IPsec to secure network communications allows computers that comply with health requirements to connect with other computers on the network. Enforcement of NAP policy using IPsec confines communication to compliant computers after they have successfully connected and obtained a valid IP address configuration. In addition, a system that employs IPsec can control access to network resources (e.g., hosts, services, etc.) based on the identity of the device requesting access and/or its user.